<html>
<body>
<?php
include '../config.php';
$name = $_POST['name'];
$oldpass = $_POST['oldpass'];
$row = mysql_fetch_array(mysql_query("SELECT * FROM user WHERE uName = '$name'"));
$newpass = $_POST['newpass'];
$conpass = $_POST['conpass'];
if ($newpass == $conpass && md5($oldpass) == $row['uPassword']) {
	$new =md5($newpass);
	mysql_query("UPDATE user SET uPassword = '$new' WHERE uName = '$name'") or die(mysql_error());
	header("Location: ../index.php");
	exit();
} else {
	echo "<script>window.setTimeout(function(){
		alert('Password confirmed or Old password incorrect!');
		window.history.back(-1);
	},1000)</script>";
}
?>
</body>
</html>